Full Version: Sniffers.
OneNight
Well, I have been - trying - to get the full potential out of a packet sniffer and I can see that it can be used for a myriad of things. It is a flexible tool with lots to offer.

I started off with PacketMon, but soon it became obvious that it is a great introductory tool to packet sniffing; I was looking for something a lot more customisable. So I went for the all-powerful Ethereal.
Homepage here: http://www.ethereal.com/
Download WIN32 version here: http://www.ethereal.com/distribution/win32/

I think I'd like to even compare the flexibility this tool has to offer with the all-powerful netcat. Of course, I still only have limited knowledge of this tool, though, but I have found a great reference manual: http://www.ethereal.com/docs/user-guide/
I think if this can be used correctly then auditing systems and such could be done a lot more thoroughly...

Anyways, any more experienced users out there who might be able to give some tips? Share some experience with us?
mojo
There is a myriad of solutions....


You remember Pay 2 Surf programs? Well, you can use a packet sniffer to see what it is sending home; that's how people made all those cheats for it.

You have a cable modem? Well, one of the most crucial steps in uncapping your modem is to make sure you have the right cfg file name... Again, a packet sniffer does this for you.

If you want a prettier version of a packet sniffer, get Iris by eEye, it's nice...
Droezel
What's this about uncapping a cable modem?
Is it like making a 1Mbit cablemodem boost to 2Mbit or more?
Droezel
hmmm, looks like I shouldn't try to uncap my modem...

Interesting article here:
http://www.securityfocus.com/news/394
packet
I love Ethereal for general analysis, although I hardly ever use it to actually capture packets. I will either use TCPDump (or windump) or Snort to actually capture packets and then I do analysis of them in Ethereal. Either TCPDump or Snort can be set up as simple (or very complex) packet loggers which can grab packets depending on a set of rules. Originally this ability was the purview of Shadow and was put out by the navy. Shadow is still out there but I would much rather manage my rules in Snort than in BPF rules, just my personal preference.

The other thing to look at is how Ethereal will interpret a packet. All sniffers interpret them differently, so even if you have a (very) expensive sniffer you may want to fire up Ethereal (or even tcpdump) to look at the packets in a different light.

Geez, I could keep going but maybe I should just write an article :)

-P.G.
mojo
Depends on your area...

For instance, in my area, I can only get up to about 3.5 mbit down, and 750kbit up because they still have a cap on the headend.

Some places, like RoadRunner, don't really cap at the head end, so you can get upwards of 6mbit down and 1-2mbit up.

That article represents the underlying theme for the underground world... If you are stupid, you will get caught...

It's that simple. I only uncap for a couple of hours at a time to upload or download a big file, then I set it back to normal.

www.cablemodemhack.com has good info.